handle updates by updating the branch ref

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 18.19.41 to 18.19.42.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/ci.yml

@@ -19,21 +19,21 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         with:
-          node-version: 16.x
+          node-version: 20.x
           cache: npm
       - run: npm ci
       - run: npm run build
       - run: npm run format-check
       - run: npm run lint
       - run: npm run test
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
           name: dist
           path: dist
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
           name: action.yml
           path: action.yml
@@ -46,16 +46,16 @@ jobs:
       matrix:
         target: [built, committed]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: main
       - if: matrix.target == 'built' || github.event_name == 'pull_request'
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: dist
           path: dist
       - if: matrix.target == 'built' || github.event_name == 'pull_request'
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: action.yml
           path: .
@@ -68,8 +68,8 @@ jobs:
         uses: ./
         with:
           commit-message: '[CI] test ${{ matrix.target }}'
-          committer: GitHub <noreply@github.com>
+          committer: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
-          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+          author: ${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com>
           title: '[CI] test ${{ matrix.target }}'
           body: |
             - CI test case for target '${{ matrix.target }}'
@@ -92,7 +92,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Find Comment
-        uses: peter-evans/find-comment@v2
+        uses: peter-evans/find-comment@v3
         id: fc
         with:
           issue-number: ${{ github.event.number }}
@@ -101,7 +101,7 @@ jobs:
 
       - if: steps.fc.outputs.comment-id == ''
         name: Create comment
-        uses: peter-evans/create-or-update-comment@v3
+        uses: peter-evans/create-or-update-comment@v4
         with:
           issue-number: ${{ github.event.number }}
           body: |
@@ -115,13 +115,13 @@ jobs:
     needs: [test]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@v4
         with:
           name: dist
           path: dist
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         with:
           token: ${{ secrets.ACTIONS_BOT_TOKEN }}
           commit-message: 'build: update distribution'

.github/workflows/cpr-example-command.yml

@@ -6,7 +6,7 @@ jobs:
   createPullRequest:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Make changes to pull request
         run: date +%s > report.txt
@@ -16,8 +16,8 @@ jobs:
         uses: ./
         with:
           commit-message: Update report
-          committer: GitHub <noreply@github.com>
+          committer: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
-          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+          author: ${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com>
           signoff: false
           title: '[Example] Update report'
           body: |
@@ -42,7 +42,7 @@ jobs:
           echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
 
       - name: Add reaction
-        uses: peter-evans/create-or-update-comment@v3
+        uses: peter-evans/create-or-update-comment@v4
         with:
           repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
           comment-id: ${{ github.event.client_payload.github.payload.comment.id }}

.github/workflows/slash-command-dispatch.yml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Slash Command Dispatch
-        uses: peter-evans/slash-command-dispatch@v3
+        uses: peter-evans/slash-command-dispatch@v4
         with:
           token: ${{ secrets.ACTIONS_BOT_TOKEN }}
           config: >
@@ -19,7 +19,7 @@ jobs:
                 "named_args": true
               },
               {
-                "command": "testv4",
+                "command": "testv5",
                 "permission": "admin",
                 "repository": "peter-evans/create-pull-request-tests",
                 "named_args": true

.github/workflows/update-major-version.yml

@@ -11,14 +11,14 @@ on:
         type: choice
         description: The major version tag to update
         options:
-          - v4
           - v5
+          - v6
 
 jobs:
   tag:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         token: ${{ secrets.ACTIONS_BOT_TOKEN }}
         fetch-depth: 0

README.md

@@ -21,20 +21,21 @@ Create Pull Request action will:
 
 - [Concepts, guidelines and advanced usage](docs/concepts-guidelines.md)
 - [Examples](docs/examples.md)
-- [Updating to v5](docs/updating.md)
+- [Updating to v6](docs/updating.md)
+- [Common issues](docs/common-issues.md)
 
 ## Usage
 
 ```yml
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       # Make changes to pull request here
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
 ```
 
-You can also pin to a [specific release](https://github.com/peter-evans/create-pull-request/releases) version in the format `@v5.x.x`
+You can also pin to a [specific release](https://github.com/peter-evans/create-pull-request/releases) version in the format `@v6.x.x`
 
 ### Workflow permissions
 
@@ -52,14 +53,15 @@ All inputs are **optional**. If not set, sensible defaults will be used.
 | Name | Description | Default |
 | --- | --- | --- |
 | `token` | `GITHUB_TOKEN` (permissions `contents: write` and `pull-requests: write`) or a `repo` scoped [Personal Access Token (PAT)](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token). | `GITHUB_TOKEN` |
+| `git-token` | The [Personal Access Token (PAT)](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) that the action will use for git operations. | Defaults to the value of `token` |
 | `path` | Relative path under `GITHUB_WORKSPACE` to the repository. | `GITHUB_WORKSPACE` |
 | `add-paths` | A comma or newline-separated list of file paths to commit. Paths should follow git's [pathspec](https://git-scm.com/docs/gitglossary#Documentation/gitglossary.txt-aiddefpathspecapathspec) syntax. If no paths are specified, all new and modified files are added. See [Add specific paths](#add-specific-paths). | |
-| `commit-message` | The message to use when committing changes. | `[create-pull-request] automated change` |
+| `commit-message` | The message to use when committing changes. See [commit-message](#commit-message). | `[create-pull-request] automated change` |
-| `committer` | The committer name and email address in the format `Display Name <email@address.com>`. Defaults to the GitHub Actions bot user. | `GitHub <noreply@github.com>` |
+| `committer` | The committer name and email address in the format `Display Name <email@address.com>`. Defaults to the GitHub Actions bot user on github.com. | `github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>` |
-| `author` | The author name and email address in the format `Display Name <email@address.com>`. Defaults to the user who triggered the workflow run. | `${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>` |
+| `author` | The author name and email address in the format `Display Name <email@address.com>`. Defaults to the user who triggered the workflow run. | `${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com>` |
 | `signoff` | Add [`Signed-off-by`](https://git-scm.com/docs/git-commit#Documentation/git-commit.txt---signoff) line by the committer at the end of the commit log message. | `false` |
 | `branch` | The pull request branch name. | `create-pull-request/patch` |
-| `delete-branch` | Delete the `branch` when closing pull requests, and when undeleted after merging. | `false` |
+| `delete-branch` | Delete the `branch` if it doesn't have an active pull request associated with it. See [delete-branch](#delete-branch). | `false` |
 | `branch-suffix` | The branch suffix type when using the alternative branching strategy. Valid values are `random`, `timestamp` and `short-commit-hash`. See [Alternative strategy](#alternative-strategy---always-create-a-new-pull-request-branch) for details. | |
 | `base` | Sets the pull request base branch. | Defaults to the branch checked out in the workflow. |
 | `push-to-fork` | A fork of the checked-out parent repository to which the pull request branch will be pushed. e.g. `owner/repo-fork`. The pull request will be created to merge the fork's branch into the parent's base. See [push pull request branches to a fork](docs/concepts-guidelines.md#push-pull-request-branches-to-a-fork) for details. | |
@@ -72,11 +74,38 @@ All inputs are **optional**. If not set, sensible defaults will be used.
 | `team-reviewers` | A comma or newline-separated list of GitHub teams to request a review from. Note that a `repo` scoped [PAT](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token), or equivalent [GitHub App permissions](docs/concepts-guidelines.md#authenticating-with-github-app-generated-tokens), are required. | |
 | `milestone` | The number of the milestone to associate this pull request with. | |
 | `draft` | Create a [draft pull request](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests#draft-pull-requests). It is not possible to change draft status after creation except through the web interface. | `false` |
+| `sign-commit` | Sign the commit as bot [refer: [Signature verification for bots](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification#signature-verification-for-bots)]. This can be useful if your repo or org has enforced commit-signing. | `false` |
+
+#### commit-message
+
+In addition to a message, the `commit-message` input can also be used to populate the commit description. Leave a single blank line between the message and description.
+
+```yml
+          commit-message: |
+            the first line is the commit message
+
+            the commit description starts
+            after a blank line and can be
+            multiple lines
+```
+
+#### delete-branch
+
+The `delete-branch` feature doesn't delete branches immediately on merge. (It can't do that because it would require the merge to somehow trigger the action.)
+The intention of the feature is that when the action next runs it will delete the `branch` if there is no diff.
+
+Enabling this feature leads to the following behaviour:
+1. If a pull request was merged and the branch is left undeleted, when the action next runs it will delete the branch if there is no further diff.
+2. If a pull request is open, but there is now no longer a diff and the PR is unnecessary, the action will delete the branch causing the PR to close.
+
+If you want branches to be deleted immediately on merge then you should use GitHub's `Automatically delete head branches` feature in your repository settings.
+
+#### Proxy support
 
 For self-hosted runners behind a corporate proxy set the `https_proxy` environment variable.
 ```yml
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         env:
           https_proxy: http://<proxy_address>:<port>
 ```
@@ -89,6 +118,7 @@ The following outputs can be used by subsequent workflow steps.
 - `pull-request-url` - The URL of the pull request.
 - `pull-request-operation` - The pull request operation performed by the action, `created`, `updated` or `closed`.
 - `pull-request-head-sha` - The commit SHA of the pull request branch.
+- `pull-request-branch` - The branch name of the pull request.
 
 Step outputs can be accessed as in the following example.
 Note that in order to read the step outputs the action step must have an id.
@@ -96,7 +126,7 @@ Note that in order to read the step outputs the action step must have an id.
 ```yml
       - name: Create Pull Request
         id: cpr
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
       - name: Check outputs
         if: ${{ steps.cpr.outputs.pull-request-number }}
         run: |
@@ -115,7 +145,7 @@ How the action behaves:
 - If there are changes (i.e. a diff exists with the checked-out base branch), the changes will be pushed to a new `branch` and a pull request created.
 - If there are no changes (i.e. no diff exists with the checked-out base branch), no pull request will be created and the action exits silently.
 - If a pull request already exists it will be updated if necessary. Local changes in the Actions workspace, or changes on the base branch, can cause an update. If no update is required the action exits silently.
-- If a pull request exists and new changes on the base branch make the pull request unnecessary (i.e. there is no longer a diff between the pull request branch and the base), the pull request is automatically closed. Additionally, if `delete-branch` is set to `true` the `branch` will be deleted.
+- If a pull request exists and new changes on the base branch make the pull request unnecessary (i.e. there is no longer a diff between the pull request branch and the base), the pull request is automatically closed. Additionally, if [`delete-branch`](#delete-branch) is set to `true` the `branch` will be deleted.
 
 For further details about how the action works and usage guidelines, see [Concepts, guidelines and advanced usage](docs/concepts-guidelines.md).
 
@@ -159,7 +189,7 @@ File changes that do not match one of the paths will be stashed and restored aft
 
 ```yml
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         with:
           add-paths: |
             *.java
@@ -173,7 +203,7 @@ Note that the repository must be checked out on a branch with a remote, it won't
 
 ```yml
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Create commits
         run: |
           git config user.name 'Peter Evans'
@@ -186,7 +216,7 @@ Note that the repository must be checked out on a branch with a remote, it won't
       - name: Uncommitted change
         run: date +%s > report.txt
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
 ```
 
 ### Create a project card
@@ -196,7 +226,7 @@ To create a project card for the pull request, pass the `pull-request-number` st
 ```yml
       - name: Create Pull Request
         id: cpr
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
 
       - name: Create or Update Project Card
         if: ${{ steps.cpr.outputs.pull-request-number }}
@@ -224,19 +254,19 @@ jobs:
   createPullRequest:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Make changes to pull request
         run: date +%s > report.txt
 
       - name: Create Pull Request
         id: cpr
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         with:
           token: ${{ secrets.PAT }}
           commit-message: Update report
-          committer: GitHub <noreply@github.com>
+          committer: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
-          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+          author: ${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com>
           signoff: false
           branch: example-patches
           delete-branch: true

__test__/create-or-update-branch.int.test.ts

@@ -1,14 +1,15 @@
 import {
   createOrUpdateBranch,
   tryFetch,
-  getWorkingBaseAndType
+  getWorkingBaseAndType,
+  buildBranchFileChanges
 } from '../lib/create-or-update-branch'
 import * as fs from 'fs'
 import {GitCommandManager} from '../lib/git-command-manager'
 import * as path from 'path'
 import {v4 as uuidv4} from 'uuid'
 
-const REPO_PATH = '/git/local/test-base'
+const REPO_PATH = '/git/local/repos/test-base'
 const REMOTE_NAME = 'origin'
 
 const TRACKED_FILE = 'a/tracked-file.txt'
@@ -22,7 +23,7 @@ const INIT_COMMIT_MESSAGE = 'Add file to be a tracked file for tests'
 const BRANCH = 'tests/create-pull-request/patch'
 const BASE = DEFAULT_BRANCH
 
-const FORK_REMOTE_URL = 'git://127.0.0.1/test-fork.git'
+const FORK_REMOTE_URL = 'git://127.0.0.1/repos/test-fork.git'
 const FORK_REMOTE_NAME = 'fork'
 
 const ADD_PATHS_DEFAULT = []
@@ -140,10 +141,22 @@ describe('create-or-update-branch tests', () => {
   })
 
   async function beforeTest(): Promise<void> {
+    await git.fetch(
+      [`${DEFAULT_BRANCH}:${DEFAULT_BRANCH}`],
+      REMOTE_NAME,
+      ['--force', '--update-head-ok'],
+      true
+    )
     await git.checkout(DEFAULT_BRANCH)
   }
 
   async function afterTest(deleteRemote = true): Promise<void> {
+    await git.fetch(
+      [`${DEFAULT_BRANCH}:${DEFAULT_BRANCH}`],
+      REMOTE_NAME,
+      ['--force', '--update-head-ok'],
+      true
+    )
     await git.checkout(DEFAULT_BRANCH)
     try {
       // Get the upstream branch if it exists
@@ -198,8 +211,8 @@ describe('create-or-update-branch tests', () => {
   }
 
   it('tests if a branch exists and can be fetched', async () => {
-    expect(await tryFetch(git, REMOTE_NAME, NOT_BASE_BRANCH)).toBeTruthy()
+    expect(await tryFetch(git, REMOTE_NAME, NOT_BASE_BRANCH, 1)).toBeTruthy()
-    expect(await tryFetch(git, REMOTE_NAME, NOT_EXIST_BRANCH)).toBeFalsy()
+    expect(await tryFetch(git, REMOTE_NAME, NOT_EXIST_BRANCH, 1)).toBeFalsy()
   })
 
   it('tests getWorkingBaseAndType on a checked out ref', async () => {
@@ -217,6 +230,80 @@ describe('create-or-update-branch tests', () => {
     expect(workingBaseType).toEqual('commit')
   })
 
+  it('tests buildBranchFileChanges with no diff', async () => {
+    await git.checkout(BRANCH, BASE)
+    const branchFileChanges = await buildBranchFileChanges(git, BASE, BRANCH)
+    expect(branchFileChanges.additions.length).toEqual(0)
+    expect(branchFileChanges.deletions.length).toEqual(0)
+  })
+
+  it('tests buildBranchFileChanges with addition and modification', async () => {
+    await git.checkout(BRANCH, BASE)
+    const changes = await createChanges()
+    await git.exec(['add', '-A'])
+    await git.commit(['-m', 'Test changes'])
+
+    const branchFileChanges = await buildBranchFileChanges(git, BASE, BRANCH)
+
+    expect(branchFileChanges.additions).toEqual([
+      {
+        path: TRACKED_FILE,
+        contents: Buffer.from(changes.tracked, 'binary').toString('base64')
+      },
+      {
+        path: UNTRACKED_FILE,
+        contents: Buffer.from(changes.untracked, 'binary').toString('base64')
+      }
+    ])
+    expect(branchFileChanges.deletions.length).toEqual(0)
+  })
+
+  it('tests buildBranchFileChanges with addition and deletion', async () => {
+    await git.checkout(BRANCH, BASE)
+    const changes = await createChanges()
+    const TRACKED_FILE_NEW_PATH = 'c/tracked-file.txt'
+    const filepath = path.join(REPO_PATH, TRACKED_FILE_NEW_PATH)
+    await fs.promises.mkdir(path.dirname(filepath), {recursive: true})
+    await fs.promises.rename(path.join(REPO_PATH, TRACKED_FILE), filepath)
+    await git.exec(['add', '-A'])
+    await git.commit(['-m', 'Test changes'])
+
+    const branchFileChanges = await buildBranchFileChanges(git, BASE, BRANCH)
+
+    expect(branchFileChanges.additions).toEqual([
+      {
+        path: UNTRACKED_FILE,
+        contents: Buffer.from(changes.untracked, 'binary').toString('base64')
+      },
+      {
+        path: TRACKED_FILE_NEW_PATH,
+        contents: Buffer.from(changes.tracked, 'binary').toString('base64')
+      }
+    ])
+    expect(branchFileChanges.deletions).toEqual([{path: TRACKED_FILE}])
+  })
+
+  it('tests buildBranchFileChanges with binary files', async () => {
+    await git.checkout(BRANCH, BASE)
+    const filename = 'c/untracked-binary-file'
+    const filepath = path.join(REPO_PATH, filename)
+    const binaryData = Buffer.from([0x00, 0xff, 0x10, 0x20])
+    await fs.promises.mkdir(path.dirname(filepath), {recursive: true})
+    await fs.promises.writeFile(filepath, binaryData)
+    await git.exec(['add', '-A'])
+    await git.commit(['-m', 'Test changes'])
+
+    const branchFileChanges = await buildBranchFileChanges(git, BASE, BRANCH)
+
+    expect(branchFileChanges.additions).toEqual([
+      {
+        path: filename,
+        contents: binaryData.toString('base64')
+      }
+    ])
+    expect(branchFileChanges.deletions.length).toEqual(0)
+  })
+
   it('tests no changes resulting in no new branch being created', async () => {
     const commitMessage = uuidv4()
     const result = await createOrUpdateBranch(
@@ -1454,8 +1541,7 @@ describe('create-or-update-branch tests', () => {
     expect(
       await gitLogMatches([
         _commitMessage,
-        ...commits.commitMsgs,
+        commits.commitMsgs[0] // fetch depth of base is 1
-        INIT_COMMIT_MESSAGE
       ])
     ).toBeTruthy()
   })
@@ -1590,7 +1676,9 @@ describe('create-or-update-branch tests', () => {
     expect(await getFileContent(TRACKED_FILE)).toEqual(_changes.tracked)
     expect(await getFileContent(UNTRACKED_FILE)).toEqual(_changes.untracked)
     expect(
-      await gitLogMatches([...commits.commitMsgs, INIT_COMMIT_MESSAGE])
+      await gitLogMatches([
+        commits.commitMsgs[0] // fetch depth of base is 1
+      ])
     ).toBeTruthy()
   })
 
@@ -1668,7 +1756,9 @@ describe('create-or-update-branch tests', () => {
     expect(await getFileContent(TRACKED_FILE)).toEqual(_changes.tracked)
     expect(await getFileContent(UNTRACKED_FILE)).toEqual(_changes.untracked)
     expect(
-      await gitLogMatches([...commits.commitMsgs, INIT_COMMIT_MESSAGE])
+      await gitLogMatches([
+        commits.commitMsgs[0] // fetch depth of base is 1
+      ])
     ).toBeTruthy()
   })
 
@@ -1951,8 +2041,7 @@ describe('create-or-update-branch tests', () => {
       await gitLogMatches([
         _commitMessage,
         ..._commits.commitMsgs,
-        ...commitsOnBase.commitMsgs,
+        commitsOnBase.commitMsgs[0] // fetch depth of base is 1
-        INIT_COMMIT_MESSAGE
       ])
     ).toBeTruthy()
   })
@@ -2147,8 +2236,7 @@ describe('create-or-update-branch tests', () => {
     expect(
       await gitLogMatches([
         _commitMessage,
-        ...commitsOnBase.commitMsgs,
+        commitsOnBase.commitMsgs[0] // fetch depth of base is 1
-        INIT_COMMIT_MESSAGE
       ])
     ).toBeTruthy()
   })

__test__/entrypoint.sh

@@ -5,18 +5,18 @@ set -euo pipefail
 WORKINGDIR=$PWD
 
 # Create and serve a remote repo
-mkdir -p /git/remote
+mkdir -p /git/remote/repos
 git config --global init.defaultBranch main
-git init --bare /git/remote/test-base.git
+git init --bare /git/remote/repos/test-base.git
 git daemon --verbose --enable=receive-pack --base-path=/git/remote --export-all /git/remote &>/dev/null &
 
 # Give the daemon time to start
 sleep 2
 
 # Create a local clone and make an initial commit
-mkdir -p /git/local
+mkdir -p /git/local/repos
-git clone git://127.0.0.1/test-base.git /git/local/test-base
+git clone git://127.0.0.1/repos/test-base.git /git/local/repos/test-base
-cd /git/local/test-base
+cd /git/local/repos/test-base
 git config --global user.email "you@example.com"
 git config --global user.name "Your Name"
 echo "#test-base" > README.md
@@ -30,8 +30,8 @@ git config -l
 
 # Clone a server-side fork of the base repo
 cd $WORKINGDIR
-git clone --mirror git://127.0.0.1/test-base.git /git/remote/test-fork.git
+git clone --mirror git://127.0.0.1/repos/test-base.git /git/remote/repos/test-fork.git
-cd /git/remote/test-fork.git
+cd /git/remote/repos/test-fork.git
 git log -1 --pretty=oneline
 
 # Restore the working directory

__test__/git-config-helper.int.test.ts

@@ -1,32 +1,32 @@
 import {GitCommandManager} from '../lib/git-command-manager'
-import {GitAuthHelper} from '../lib/git-auth-helper'
+import {GitConfigHelper} from '../lib/git-config-helper'
 
-const REPO_PATH = '/git/local/test-base'
+const REPO_PATH = '/git/local/repos/test-base'
 
-const extraheaderConfigKey = 'http.https://github.com/.extraheader'
+const extraheaderConfigKey = 'http.https://127.0.0.1/.extraheader'
 
-describe('git-auth-helper tests', () => {
+describe('git-config-helper integration tests', () => {
   let git: GitCommandManager
-  let gitAuthHelper: GitAuthHelper
+  let gitConfigHelper: GitConfigHelper
 
   beforeAll(async () => {
     git = await GitCommandManager.create(REPO_PATH)
-    gitAuthHelper = new GitAuthHelper(git)
   })
 
   it('tests save and restore with no persisted auth', async () => {
-    await gitAuthHelper.savePersistedAuth()
+    const gitConfigHelper = await GitConfigHelper.create(git)
-    await gitAuthHelper.restorePersistedAuth()
+    await gitConfigHelper.close()
   })
 
   it('tests configure and removal of auth', async () => {
-    await gitAuthHelper.configureToken('github-token')
+    const gitConfigHelper = await GitConfigHelper.create(git)
+    await gitConfigHelper.configureToken('github-token')
     expect(await git.configExists(extraheaderConfigKey)).toBeTruthy()
     expect(await git.getConfigValue(extraheaderConfigKey)).toEqual(
       'AUTHORIZATION: basic eC1hY2Nlc3MtdG9rZW46Z2l0aHViLXRva2Vu'
     )
 
-    await gitAuthHelper.removeAuth()
+    await gitConfigHelper.close()
     expect(await git.configExists(extraheaderConfigKey)).toBeFalsy()
   })
 
@@ -34,37 +34,53 @@ describe('git-auth-helper tests', () => {
     const extraheaderConfigValue = 'AUTHORIZATION: basic ***persisted-auth***'
     await git.config(extraheaderConfigKey, extraheaderConfigValue)
 
-    await gitAuthHelper.savePersistedAuth()
+    const gitConfigHelper = await GitConfigHelper.create(git)
 
     const exists = await git.configExists(extraheaderConfigKey)
     expect(exists).toBeFalsy()
 
-    await gitAuthHelper.restorePersistedAuth()
+    await gitConfigHelper.close()
 
     const configValue = await git.getConfigValue(extraheaderConfigKey)
     expect(configValue).toEqual(extraheaderConfigValue)
 
-    await gitAuthHelper.removeAuth()
+    const unset = await git.tryConfigUnset(
+      extraheaderConfigKey,
+      '^AUTHORIZATION:'
+    )
+    expect(unset).toBeTruthy()
+  })
+
+  it('tests not adding/removing the safe.directory config when it already exists', async () => {
+    await git.config('safe.directory', '/another-value', true, true)
+
+    const gitConfigHelper = await GitConfigHelper.create(git)
+
+    expect(
+      await git.configExists('safe.directory', '/another-value', true)
+    ).toBeTruthy()
+
+    await gitConfigHelper.close()
+
+    const unset = await git.tryConfigUnset(
+      'safe.directory',
+      '/another-value',
+      true
+    )
+    expect(unset).toBeTruthy()
   })
 
   it('tests adding and removing the safe.directory config', async () => {
-    await git.config('safe.directory', '/another-value', true, true)
+    const gitConfigHelper = await GitConfigHelper.create(git)
-
-    await gitAuthHelper.removeSafeDirectory()
-    await gitAuthHelper.addSafeDirectory()
 
     expect(
       await git.configExists('safe.directory', REPO_PATH, true)
     ).toBeTruthy()
 
-    await gitAuthHelper.addSafeDirectory()
+    await gitConfigHelper.close()
-    await gitAuthHelper.removeSafeDirectory()
 
     expect(
       await git.configExists('safe.directory', REPO_PATH, true)
     ).toBeFalsy()
-    expect(
-      await git.configExists('safe.directory', '/another-value', true)
-    ).toBeTruthy()
   })
 })

__test__/git-config-helper.unit.test.ts

@@ -0,0 +1,93 @@
+import {GitConfigHelper} from '../lib/git-config-helper'
+
+describe('git-config-helper unit tests', () => {
+  test('parseGitRemote successfully parses HTTPS remote URLs', async () => {
+    const remote1 = GitConfigHelper.parseGitRemote(
+      'https://github.com/peter-evans/create-pull-request'
+    )
+    expect(remote1.hostname).toEqual('github.com')
+    expect(remote1.protocol).toEqual('HTTPS')
+    expect(remote1.repository).toEqual('peter-evans/create-pull-request')
+
+    const remote2 = GitConfigHelper.parseGitRemote(
+      'https://xxx:x-oauth-basic@github.com/peter-evans/create-pull-request'
+    )
+    expect(remote2.hostname).toEqual('github.com')
+    expect(remote2.protocol).toEqual('HTTPS')
+    expect(remote2.repository).toEqual('peter-evans/create-pull-request')
+
+    const remote3 = GitConfigHelper.parseGitRemote(
+      'https://github.com/peter-evans/create-pull-request.git'
+    )
+    expect(remote3.hostname).toEqual('github.com')
+    expect(remote3.protocol).toEqual('HTTPS')
+    expect(remote3.repository).toEqual('peter-evans/create-pull-request')
+
+    const remote4 = GitConfigHelper.parseGitRemote(
+      'https://github.com/peter-evans/ungit'
+    )
+    expect(remote4.hostname).toEqual('github.com')
+    expect(remote4.protocol).toEqual('HTTPS')
+    expect(remote4.repository).toEqual('peter-evans/ungit')
+
+    const remote5 = GitConfigHelper.parseGitRemote(
+      'https://github.com/peter-evans/ungit.git'
+    )
+    expect(remote5.hostname).toEqual('github.com')
+    expect(remote5.protocol).toEqual('HTTPS')
+    expect(remote5.repository).toEqual('peter-evans/ungit')
+
+    const remote6 = GitConfigHelper.parseGitRemote(
+      'https://github.internal.company/peter-evans/create-pull-request'
+    )
+    expect(remote6.hostname).toEqual('github.internal.company')
+    expect(remote6.protocol).toEqual('HTTPS')
+    expect(remote6.repository).toEqual('peter-evans/create-pull-request')
+  })
+
+  test('parseGitRemote successfully parses SSH remote URLs', async () => {
+    const remote1 = GitConfigHelper.parseGitRemote(
+      'git@github.com:peter-evans/create-pull-request.git'
+    )
+    expect(remote1.hostname).toEqual('github.com')
+    expect(remote1.protocol).toEqual('SSH')
+    expect(remote1.repository).toEqual('peter-evans/create-pull-request')
+
+    const remote2 = GitConfigHelper.parseGitRemote(
+      'git@github.com:peter-evans/ungit.git'
+    )
+    expect(remote2.hostname).toEqual('github.com')
+    expect(remote2.protocol).toEqual('SSH')
+    expect(remote2.repository).toEqual('peter-evans/ungit')
+
+    const remote3 = GitConfigHelper.parseGitRemote(
+      'git@github.internal.company:peter-evans/create-pull-request.git'
+    )
+    expect(remote3.hostname).toEqual('github.internal.company')
+    expect(remote3.protocol).toEqual('SSH')
+    expect(remote3.repository).toEqual('peter-evans/create-pull-request')
+  })
+
+  test('parseGitRemote successfully parses GIT remote URLs', async () => {
+    // Unauthenticated git protocol for integration tests only
+    const remote1 = GitConfigHelper.parseGitRemote(
+      'git://127.0.0.1/repos/test-base.git'
+    )
+    expect(remote1.hostname).toEqual('127.0.0.1')
+    expect(remote1.protocol).toEqual('GIT')
+    expect(remote1.repository).toEqual('repos/test-base')
+  })
+
+  test('parseGitRemote fails to parse a remote URL', async () => {
+    const remoteUrl = 'https://github.com/peter-evans'
+    try {
+      GitConfigHelper.parseGitRemote(remoteUrl)
+      // Fail the test if an error wasn't thrown
+      expect(true).toEqual(false)
+    } catch (e: any) {
+      expect(e.message).toEqual(
+        `The format of '${remoteUrl}' is not a valid GitHub repository URL`
+      )
+    }
+  })
+})

__test__/integration-tests.sh

@@ -8,7 +8,7 @@ if [[ "$(docker images -q $IMAGE 2> /dev/null)" == "" || $ARG1 == "build" ]]; th
     echo "Building Docker image $IMAGE ..."
 
     cat > Dockerfile << EOF
-FROM node:16-alpine
+FROM node:20-alpine
 RUN apk --no-cache add git git-daemon
 RUN npm install jest jest-environment-jsdom --global
 WORKDIR /cpr

__test__/utils.unit.test.ts

@@ -44,63 +44,6 @@ describe('utils tests', () => {
     )
   })
 
-  test('getRemoteDetail successfully parses remote URLs', async () => {
-    const remote1 = utils.getRemoteDetail(
-      'https://github.com/peter-evans/create-pull-request'
-    )
-    expect(remote1.protocol).toEqual('HTTPS')
-    expect(remote1.repository).toEqual('peter-evans/create-pull-request')
-
-    const remote2 = utils.getRemoteDetail(
-      'https://xxx:x-oauth-basic@github.com/peter-evans/create-pull-request'
-    )
-    expect(remote2.protocol).toEqual('HTTPS')
-    expect(remote2.repository).toEqual('peter-evans/create-pull-request')
-
-    const remote3 = utils.getRemoteDetail(
-      'git@github.com:peter-evans/create-pull-request.git'
-    )
-    expect(remote3.protocol).toEqual('SSH')
-    expect(remote3.repository).toEqual('peter-evans/create-pull-request')
-
-    const remote4 = utils.getRemoteDetail(
-      'https://github.com/peter-evans/create-pull-request.git'
-    )
-    expect(remote4.protocol).toEqual('HTTPS')
-    expect(remote4.repository).toEqual('peter-evans/create-pull-request')
-
-    const remote5 = utils.getRemoteDetail(
-      'https://github.com/peter-evans/ungit'
-    )
-    expect(remote5.protocol).toEqual('HTTPS')
-    expect(remote5.repository).toEqual('peter-evans/ungit')
-
-    const remote6 = utils.getRemoteDetail(
-      'https://github.com/peter-evans/ungit.git'
-    )
-    expect(remote6.protocol).toEqual('HTTPS')
-    expect(remote6.repository).toEqual('peter-evans/ungit')
-
-    const remote7 = utils.getRemoteDetail(
-      'git@github.com:peter-evans/ungit.git'
-    )
-    expect(remote7.protocol).toEqual('SSH')
-    expect(remote7.repository).toEqual('peter-evans/ungit')
-  })
-
-  test('getRemoteDetail fails to parse a remote URL', async () => {
-    const remoteUrl = 'https://github.com/peter-evans'
-    try {
-      utils.getRemoteDetail(remoteUrl)
-      // Fail the test if an error wasn't thrown
-      expect(true).toEqual(false)
-    } catch (e: any) {
-      expect(e.message).toEqual(
-        `The format of '${remoteUrl}' is not a valid GitHub repository URL`
-      )
-    }
-  })
-
   test('getRemoteUrl successfully returns remote URLs', async () => {
     const url1 = utils.getRemoteUrl(
       'HTTPS',

action.yml

@@ -4,6 +4,10 @@ inputs:
   token:
     description: 'GITHUB_TOKEN or a `repo` scoped Personal Access Token (PAT)'
     default: ${{ github.token }}
+  git-token:
+    description: >
+      The Personal Access Token (PAT) that the action will use for git operations.
+      Defaults to the value of `token`.
   path:
     description: >
       Relative path under $GITHUB_WORKSPACE to the repository.
@@ -20,12 +24,12 @@ inputs:
     description: >
       The committer name and email address in the format `Display Name <email@address.com>`.
       Defaults to the GitHub Actions bot user.
-    default: 'GitHub <noreply@github.com>'
+    default: 'github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>'
   author:
     description: >
       The author name and email address in the format `Display Name <email@address.com>`.
       Defaults to the user who triggered the workflow run.
-    default: '${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>'
+    default: '${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com>'
   signoff:
     description: 'Add `Signed-off-by` line by the committer at the end of the commit log message.'
     default: false
@@ -34,8 +38,7 @@ inputs:
     default: 'create-pull-request/patch'
   delete-branch:
     description: >
-      Delete the `branch` when closing pull requests, and when undeleted after merging.
+      Delete the `branch` if it doesn't have an active pull request associated with it.
-      Recommend `true`.
     default: false
   branch-suffix:
     description: 'The branch suffix type when using the alternative branching strategy.'
@@ -71,6 +74,9 @@ inputs:
   draft:
     description: 'Create a draft pull request. It is not possible to change draft status after creation except through the web interface'
     default: false
+  sign-commit:
+    description: 'Sign the commit as github-actions bot (and as custom app if a different github-token is provided)'
+    default: true
 outputs:
   pull-request-number:
     description: 'The pull request number'
@@ -80,8 +86,10 @@ outputs:
     description: 'The pull request operation performed by the action, `created`, `updated` or `closed`.'
   pull-request-head-sha:
     description: 'The commit SHA of the pull request branch.'
+  pull-request-branch:
+    description: 'The pull request branch name'
 runs:
-  using: 'node16'
+  using: 'node20'
   main: 'dist/index.js'
 branding:
   icon: 'git-pull-request'

docs/common-issues.md

@@ -0,0 +1,53 @@
+# Common issues
+
+- [Troubleshooting](#troubleshooting)
+  - [Create using an existing branch as the PR branch](#create-using-an-existing-branch-as-the-pr-branch)
+- [Frequently requested features](#use-case-create-a-pull-request-to-update-x-on-release)
+  - [Disable force updates to existing PR branches](#disable-force-updates-to-existing-pr-branches)
+  - [Add a no-verify option to bypass git hooks](#add-a-no-verify-option-to-bypass-git-hooks)
+
+## Troubleshooting
+
+### Create using an existing branch as the PR branch
+
+A common point of confusion is to try and use an existing branch containing changes to raise in a PR as the `branch` input. This will not work because the action is primarily designed to be used in workflows where the PR branch does not exist yet. The action creates and manages the PR branch itself.
+
+If you have an existing branch that you just want to create a PR for, then I recommend using the official [GitHub CLI](https://cli.github.com/manual/gh_pr_create) in a workflow step.
+
+Alternatively, if you are trying to keep a branch up to date with another branch, then you can follow [this example](https://github.com/peter-evans/create-pull-request/blob/main/docs/examples.md#keep-a-branch-up-to-date-with-another).
+
+## Frequently requested features
+
+### Disable force updates to existing PR branches
+
+This behaviour is fundamental to how the action works and is a conscious design decision. The "rule" that I based this design on is that when a workflow executes the action to create or update a PR, the result of those two possible actions should never be different. The easiest way to maintain that consistency is to rebase the PR branch and force push it.
+
+If you want to avoid this behaviour there are some things that might work depending on your use case:
+- Check if the pull request branch exists in a separate step before the action runs and act accordingly.
+- Use the [alternative strategy](https://github.com/peter-evans/create-pull-request#alternative-strategy---always-create-a-new-pull-request-branch) of always creating a new PR that won't be updated by the action.
+- [Create your own commits](https://github.com/peter-evans/create-pull-request#create-your-own-commits) each time the action is created/updated.
+
+### Add a no-verify option to bypass git hooks
+
+Presently, there is no plan to add this feature to the action.
+The reason is that I'm trying very hard to keep the interface for this action to a minimum to prevent it becoming bloated and complicated.
+
+Git hooks must be installed after a repository is checked out in order for them to work.
+So the straightforward solution is to just not install them during the workflow where this action is used.
+
+- If hooks are automatically enabled by a framework, use an option provided by the framework to disable them. For example, for Husky users, they can be disabled with the `--ignore-scripts` flag, or by setting the `HUSKY` environment variable when the action runs.
+  ```yml
+  uses: peter-evans/create-pull-request@v6
+  env:
+    HUSKY: '0'
+  ```
+- If hooks are installed in a script, then add a condition checking if the `CI` environment variable exists.
+   ```sh
+   #!/bin/sh
+
+   [ -n "$CI" ] && exit 0
+   ```
+- If preventing the hooks installing is problematic, just delete them in a workflow step before the action runs.
+   ```yml
+   - run: rm .git/hooks -rf
+   ```

docs/concepts-guidelines.md

@@ -36,7 +36,7 @@ For each [event type](https://docs.github.com/en/actions/reference/events-that-t
 The default can be overridden by specifying a `ref` on checkout.
 
 ```yml
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: develop
 ```
@@ -73,7 +73,7 @@ jobs:
   example:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 ```
 
 There may be use cases where it makes sense to execute the workflow on a branch that is not the base of the pull request. In these cases, the base branch can be specified with the `base` action input. The action will attempt to rebase changes made during the workflow on to the actual base.
@@ -88,7 +88,7 @@ In these cases, you *must supply* the `base` input so the action can rebase chan
 Workflows triggered by [`pull_request`](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#pull_request) events will by default check out a merge commit. Set the `base` input as follows to base the new pull request on the current pull request's branch.
 
 ```yml
-      - uses: peter-evans/create-pull-request@v5
+      - uses: peter-evans/create-pull-request@v6
         with:
           base: ${{ github.head_ref }}
 ```
@@ -96,7 +96,7 @@ Workflows triggered by [`pull_request`](https://docs.github.com/en/actions/refer
 Workflows triggered by [`release`](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#release) events will by default check out a tag. For most use cases, you will need to set the `base` input to the branch name of the tagged commit.
 
 ```yml
-      - uses: peter-evans/create-pull-request@v5
+      - uses: peter-evans/create-pull-request@v6
         with:
           base: main
 ```
@@ -173,14 +173,14 @@ This action uses [ncc](https://github.com/vercel/ncc) to compile the Node.js cod
 Checking out a branch from a different repository from where the workflow is executing will make *that repository* the target for the created pull request. In this case, a `repo` scoped [Personal Access Token (PAT)](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) is required.
 
 ```yml
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           token: ${{ secrets.PAT }}
           repository: owner/repo
 
       # Make changes to pull request here
 
-      - uses: peter-evans/create-pull-request@v5
+      - uses: peter-evans/create-pull-request@v6
         with:
           token: ${{ secrets.PAT }}
 ```
@@ -200,14 +200,14 @@ How to use SSH (deploy keys) with create-pull-request action:
 
 ```yml
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
 
       # Make changes to pull request here
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
 ```
 
 ### Push pull request branches to a fork
@@ -226,11 +226,11 @@ Note that if you choose to use this method (not give the machine account `write`
 6. As shown in the following example workflow, set the `push-to-fork` input to the full repository name of the fork.
 
 ```yaml
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       # Make changes to pull request here
 
-      - uses: peter-evans/create-pull-request@v5
+      - uses: peter-evans/create-pull-request@v6
         with:
           token: ${{ secrets.MACHINE_USER_PAT }}
           push-to-fork: machine-user/fork-of-repository
@@ -264,7 +264,7 @@ GitHub App generated tokens are more secure than using a PAT because GitHub App
 
 ```yaml
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - uses: tibdex/github-app-token@v1
         id: generate-token
@@ -275,7 +275,7 @@ GitHub App generated tokens are more secure than using a PAT because GitHub App
       # Make changes to pull request here
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         with:
           token: ${{ steps.generate-token.outputs.token }}
 ```
@@ -304,19 +304,19 @@ The action can use GPG to sign commits with a GPG key that you generate yourself
 
 ```yaml
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      - uses: crazy-max/ghaction-import-gpg@v3
+      - uses: crazy-max/ghaction-import-gpg@v5
         with:
-          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.GPG_PASSPHRASE }}
-          git-user-signingkey: true
+          git_user_signingkey: true
-          git-commit-gpgsign: true
+          git_commit_gpgsign: true
 
       # Make changes to pull request here
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         with:
           token: ${{ secrets.PAT }}
           committer: example <email@example.com>
@@ -341,12 +341,12 @@ jobs:
       - name: Install dependencies
         run: apk --no-cache add git
 
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       # Make changes to pull request here
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
 ```
 
 **Ubuntu container example:**
@@ -364,10 +364,10 @@ jobs:
           add-apt-repository -y ppa:git-core/ppa
           apt-get install -y git
 
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       # Make changes to pull request here
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
 ```

docs/examples.md

@@ -19,7 +19,6 @@
   - [autopep8](#autopep8)
 - [Misc workflow tips](#misc-workflow-tips)
   - [Filtering push events](#filtering-push-events)
-  - [Bypassing git hooks](#bypassing-git-hooks)
   - [Dynamic configuration using variables](#dynamic-configuration-using-variables)
   - [Using a markdown template](#using-a-markdown-template)
   - [Debugging GitHub Actions](#debugging-github-actions)
@@ -43,14 +42,14 @@ jobs:
   updateAuthors:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Update AUTHORS
         run: |
           git log --format='%aN <%aE>%n%cN <%cE>' | sort -u > AUTHORS
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         with:
           commit-message: update authors
           title: Update AUTHORS
@@ -74,7 +73,7 @@ jobs:
   productionPromotion:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: production
       - name: Reset promotion branch
@@ -82,7 +81,7 @@ jobs:
           git fetch origin main:main
           git reset --hard main
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         with:
           branch: production-promotion
 ```
@@ -107,7 +106,7 @@ jobs:
   updateChangelog:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Update Changelog
@@ -117,7 +116,7 @@ jobs:
           ./git-chglog -o CHANGELOG.md
           rm git-chglog
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         with:
           commit-message: update changelog
           title: Update Changelog
@@ -145,7 +144,7 @@ jobs:
   update-dep:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: actions/setup-node@v3
         with:
           node-version: '16.x'
@@ -154,7 +153,7 @@ jobs:
           npx -p npm-check-updates ncu -u
           npm install
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         with:
             token: ${{ secrets.PAT }}
             commit-message: Update dependencies
@@ -181,7 +180,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: actions/setup-node@v3
         with:
           node-version: 16.x
@@ -205,7 +204,7 @@ jobs:
   update-dep:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: actions/setup-java@v2
         with:
           distribution: 'temurin'
@@ -215,7 +214,7 @@ jobs:
       - name: Perform dependency resolution and write new lockfiles
         run: ./gradlew dependencies --write-locks
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         with:
             token: ${{ secrets.PAT }}
             commit-message: Update dependencies
@@ -243,14 +242,14 @@ jobs:
   update-dep:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Update dependencies
         run: |
           cargo install cargo-edit
           cargo update
           cargo upgrade --to-lockfile
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         with:
             token: ${{ secrets.PAT }}
             commit-message: Update dependencies
@@ -278,7 +277,7 @@ jobs:
   updateSwagger:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Get Latest Swagger UI Release
         id: swagger-ui
         run: |
@@ -308,7 +307,7 @@ jobs:
           # Update current release
           echo ${{ steps.swagger-ui.outputs.release_tag }} > swagger-ui.version
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         with:
           commit-message: Update swagger-ui to ${{ steps.swagger-ui.outputs.release_tag }}
           title: Update SwaggerUI to ${{ steps.swagger-ui.outputs.release_tag }}
@@ -343,7 +342,7 @@ jobs:
   updateFork:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           repository: fork-owner/repo
       - name: Reset the default branch with upstream changes
@@ -352,7 +351,7 @@ jobs:
           git fetch upstream main:upstream-main
           git reset --hard upstream-main
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         with:
           token: ${{ secrets.PAT }}
           branch: upstream-changes
@@ -371,7 +370,7 @@ jobs:
   format:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Download website
         run: |
           wget \
@@ -385,7 +384,7 @@ jobs:
             --domains quotes.toscrape.com \
             http://quotes.toscrape.com/
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         with:
           commit-message: update local website copy
           title: Automated Updates to Local Website Copy
@@ -467,7 +466,7 @@ jobs:
     if: startsWith(github.head_ref, 'autopep8-patches') == false && github.event.pull_request.head.repo.full_name == github.repository
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.head_ref }}
       - name: autopep8
@@ -482,7 +481,7 @@ jobs:
           echo "branch-name=$branch-name" >> $GITHUB_OUTPUT
       - name: Create Pull Request
         if: steps.autopep8.outputs.exit-code == 2
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         with:
           commit-message: autopep8 action fixes
           title: Fixes by autopep8 action
@@ -516,28 +515,16 @@ jobs:
     if: startsWith(github.ref, 'refs/heads/')
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       ...
 
   someOtherJob:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       ...
 ```
 
-### Bypassing git hooks
-
-If you have git hooks that prevent the action from working correctly you can remove them before running the action.
-
-```yml
-      # Remove git hooks
-      - run: rm -rf .git/hooks
-
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
-```
-
 ### Dynamic configuration using variables
 
 The following examples show how configuration for the action can be dynamically defined in a previous workflow step.
@@ -553,7 +540,7 @@ Note that the step where output variables are defined must have an id.
           echo "pr_title=$pr_title" >> $GITHUB_OUTPUT
           echo "pr_body=$pr_body" >> $GITHUB_OUTPUT
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         with:
           title: ${{ steps.vars.outputs.pr_title }}
           body: ${{ steps.vars.outputs.pr_body }}
@@ -579,7 +566,7 @@ The template is rendered using the [render-template](https://github.com/chuhlomi
             bar: that
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
         with:
           body: ${{ steps.template.outputs.result }}
 ```

docs/updating.md

@@ -1,3 +1,23 @@
+## Updating from `v5` to `v6`
+
+### Behaviour changes
+
+- The default values for `author` and `committer` have changed. See "What's new" below for details. If you are overriding the default values you will not be affected by this change.
+- On completion, the action now removes the temporary git remote configuration it adds when using `push-to-fork`. This should not affect you unless you were using the temporary configuration for some other purpose after the action completes.
+
+### What's new
+
+- Updated runtime to Node.js 20
+  - The action now requires a minimum version of [v2.308.0](https://github.com/actions/runner/releases/tag/v2.308.0) for the Actions runner. Update self-hosted runners to v2.308.0 or later to ensure compatibility.
+- The default value for `author` has been changed to `${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com>`. The change adds the `${{ github.actor_id }}+` prefix to the email address to align with GitHub's standard format for the author email address.
+- The default value for `committer` has been changed to `github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>`. This is to align with the default GitHub Actions bot user account.
+- Adds input `git-token`, the [Personal Access Token (PAT)](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) that the action will use for git operations. This input defaults to the value of `token`. Use this input if you would like the action to use a different token for git operations than the one used for the GitHub API.
+- `push-to-fork` now supports pushing to sibling repositories in the same network.
+- Previously, when using `push-to-fork`, the action did not remove temporary git remote configuration it adds during execution. This has been fixed and the configuration is now removed when the action completes.
+- If the pull request body is truncated due to exceeding the maximum length, the action will now suffix the body with the message "...*[Pull request body truncated]*" to indicate that the body has been truncated.
+- The action now uses `--unshallow` only when necessary, rather than as a default argument of `git fetch`. This should improve performance, particularly for large git repositories with extensive commit history.
+- The action can now be executed on one GitHub server and create pull requests on a *different* GitHub server. Server products include GitHub hosted (github.com), GitHub Enterprise Server (GHES), and GitHub Enterprise Cloud (GHEC). For example, the action can be executed on GitHub hosted and create pull requests on a GHES or GHEC instance.
+
 ## Updating from `v4` to `v5`
 
 ### Behaviour changes

package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-pull-request",
-  "version": "5.0.0",
+  "version": "6.0.0",
   "private": true,
   "description": "Creates a pull request for changes to your repository in the actions workspace",
   "main": "lib/main.js",
@@ -29,31 +29,35 @@
   },
   "homepage": "https://github.com/peter-evans/create-pull-request",
   "dependencies": {
-    "@actions/core": "^1.10.0",
+    "@actions/core": "^1.10.1",
     "@actions/exec": "^1.1.1",
-    "@octokit/core": "^4.2.1",
+    "@octokit/core": "^4.2.4",
+    "@octokit/graphql": "^8.1.1",
+    "@octokit/graphql-schema": "^15.25.0",
     "@octokit/plugin-paginate-rest": "^5.0.1",
     "@octokit/plugin-rest-endpoint-methods": "^6.8.1",
-    "https-proxy-agent": "^5.0.1",
     "proxy-from-env": "^1.1.0",
-    "uuid": "^9.0.0"
+    "undici": "^6.19.4",
+    "uuid": "^9.0.1"
   },
   "devDependencies": {
-    "@types/jest": "^29.5.2",
+    "@types/jest": "^29.5.12",
-    "@types/node": "^18.16.18",
+    "@types/node": "^18.19.42",
-    "@typescript-eslint/parser": "^5.59.11",
+    "@typescript-eslint/eslint-plugin": "^7.17.0",
-    "@vercel/ncc": "^0.36.1",
+    "@typescript-eslint/parser": "^7.17.0",
-    "eslint": "^8.42.0",
+    "@vercel/ncc": "^0.38.1",
-    "eslint-import-resolver-typescript": "^3.5.5",
+    "eslint": "^8.57.0",
-    "eslint-plugin-github": "^4.8.0",
+    "eslint-import-resolver-typescript": "^3.6.1",
-    "eslint-plugin-import": "^2.27.5",
+    "eslint-plugin-github": "^4.10.2",
-    "eslint-plugin-jest": "^27.2.1",
+    "eslint-plugin-import": "^2.29.1",
-    "jest": "^29.5.0",
+    "eslint-plugin-jest": "^27.9.0",
-    "jest-circus": "^29.4.2",
+    "eslint-plugin-prettier": "^5.2.1",
-    "jest-environment-jsdom": "^29.5.0",
+    "jest": "^29.7.0",
+    "jest-circus": "^29.7.0",
+    "jest-environment-jsdom": "^29.7.0",
     "js-yaml": "^4.1.0",
-    "prettier": "^2.8.8",
+    "prettier": "^3.3.3",
-    "ts-jest": "^29.1.0",
+    "ts-jest": "^29.2.3",
-    "typescript": "^4.9.5"
+    "typescript": "^5.5.4"
   }
 }

src/create-or-update-branch.ts

@@ -1,11 +1,14 @@
 import * as core from '@actions/core'
 import {GitCommandManager} from './git-command-manager'
 import {v4 as uuidv4} from 'uuid'
+import * as utils from './utils'
 
 const CHERRYPICK_EMPTY =
   'The previous cherry-pick is now empty, possibly due to conflict resolution.'
 const NOTHING_TO_COMMIT = 'nothing to commit, working tree clean'
 
+const FETCH_DEPTH_MARGIN = 10
+
 export enum WorkingBaseType {
   Branch = 'branch',
   Commit = 'commit'
@@ -31,11 +34,13 @@ export async function getWorkingBaseAndType(
 export async function tryFetch(
   git: GitCommandManager,
   remote: string,
-  branch: string
+  branch: string,
+  depth: number
 ): Promise<boolean> {
   try {
     await git.fetch([`${branch}:refs/remotes/${remote}/${branch}`], remote, [
-      '--force'
+      '--force',
+      `--depth=${depth}`
     ])
     return true
   } catch {
@@ -43,6 +48,38 @@ export async function tryFetch(
   }
 }
 
+export async function buildBranchFileChanges(
+  git: GitCommandManager,
+  base: string,
+  branch: string
+): Promise<BranchFileChanges> {
+  const branchFileChanges: BranchFileChanges = {
+    additions: [],
+    deletions: []
+  }
+  const changedFiles = await git.getChangedFiles([
+    '--diff-filter=AM',
+    `${base}..${branch}`
+  ])
+  const deletedFiles = await git.getChangedFiles([
+    '--diff-filter=D',
+    `${base}..${branch}`
+  ])
+  const repoPath = git.getWorkingDirectory()
+  for (const file of changedFiles) {
+    branchFileChanges.additions!.push({
+      path: file,
+      contents: utils.readFileBase64([repoPath, file])
+    })
+  }
+  for (const file of deletedFiles) {
+    branchFileChanges.deletions!.push({
+      path: file
+    })
+  }
+  return branchFileChanges
+}
+
 // Return the number of commits that branch2 is ahead of branch1
 async function commitsAhead(
   git: GitCommandManager,
@@ -106,11 +143,22 @@ function splitLines(multilineString: string): string[] {
     .filter(x => x !== '')
 }
 
+export interface BranchFileChanges {
+  additions: {
+    path: string
+    contents: string
+  }[]
+  deletions: {
+    path: string
+  }[]
+}
+
 interface CreateOrUpdateBranchResult {
   action: string
   base: string
   hasDiffWithBase: boolean
   headSha: string
+  branchFileChanges?: BranchFileChanges
 }
 
 export async function createOrUpdateBranch(
@@ -173,21 +221,12 @@ export async function createOrUpdateBranch(
   // Stash any uncommitted tracked and untracked changes
   const stashed = await git.stashPush(['--include-untracked'])
 
-  // Perform fetch and reset the working base
+  // Reset the working base
   // Commits made during the workflow will be removed
   if (workingBaseType == WorkingBaseType.Branch) {
     core.info(`Resetting working base branch '${workingBase}'`)
-    if (branchRemoteName == 'fork') {
+    await git.checkout(workingBase)
-      // If pushing to a fork we must fetch with 'unshallow' to avoid the following error on git push
+    await git.exec(['reset', '--hard', `${baseRemote}/${workingBase}`])
-      // ! [remote rejected] HEAD -> tests/push-branch-to-fork (shallow update not allowed)
-      await git.fetch([`${workingBase}:${workingBase}`], baseRemote, [
-        '--force'
-      ])
-    } else {
-      // If the remote is 'origin' we can git reset
-      await git.checkout(workingBase)
-      await git.exec(['reset', '--hard', `${baseRemote}/${workingBase}`])
-    }
   }
 
   // If the working base is not the base, rebase the temp branch commits
@@ -196,8 +235,13 @@ export async function createOrUpdateBranch(
     core.info(
       `Rebasing commits made to ${workingBaseType} '${workingBase}' on to base branch '${base}'`
     )
+    const fetchArgs = ['--force']
+    if (branchRemoteName != 'fork') {
+      // If pushing to a fork we cannot shallow fetch otherwise the 'shallow update not allowed' error occurs
+      fetchArgs.push('--depth=1')
+    }
     // Checkout the actual base
-    await git.fetch([`${base}:${base}`], baseRemote, ['--force'])
+    await git.fetch([`${base}:${base}`], baseRemote, fetchArgs)
     await git.checkout(base)
     // Cherrypick commits from the temporary branch starting from the working base
     const commits = await git.revList(
@@ -216,11 +260,18 @@ export async function createOrUpdateBranch(
     // Reset the temp branch to the working index
     await git.checkout(tempBranch, 'HEAD')
     // Reset the base
-    await git.fetch([`${base}:${base}`], baseRemote, ['--force'])
+    await git.fetch([`${base}:${base}`], baseRemote, fetchArgs)
   }
 
+  // Determine the fetch depth for the pull request branch (best effort)
+  const tempBranchCommitsAhead = await commitsAhead(git, base, tempBranch)
+  const fetchDepth =
+    tempBranchCommitsAhead > 0
+      ? tempBranchCommitsAhead + FETCH_DEPTH_MARGIN
+      : FETCH_DEPTH_MARGIN
+
   // Try to fetch the pull request branch
-  if (!(await tryFetch(git, branchRemoteName, branch))) {
+  if (!(await tryFetch(git, branchRemoteName, branch, fetchDepth))) {
     // The pull request branch does not exist
     core.info(`Pull request branch '${branch}' does not exist yet.`)
     // Create the pull request branch
@@ -254,7 +305,6 @@ export async function createOrUpdateBranch(
     //   temp branch. This catches a case where the base branch has been force pushed to
     //   a new commit.
     // For changes on base this reset is equivalent to a rebase of the pull request branch.
-    const tempBranchCommitsAhead = await commitsAhead(git, base, tempBranch)
     const branchCommitsAhead = await commitsAhead(git, base, branch)
     if (
       (await git.hasDiff([`${branch}..${tempBranch}`])) ||
@@ -283,6 +333,9 @@ export async function createOrUpdateBranch(
     result.hasDiffWithBase = await isAhead(git, base, branch)
   }
 
+  // Build the branch file changes
+  result.branchFileChanges = await buildBranchFileChanges(git, base, branch)
+
   // Get the pull request branch SHA
   result.headSha = await git.revParse('HEAD')
 

src/create-pull-request.ts

@@ -6,11 +6,12 @@ import {
 } from './create-or-update-branch'
 import {GitHubHelper} from './github-helper'
 import {GitCommandManager} from './git-command-manager'
-import {GitAuthHelper} from './git-auth-helper'
+import {GitConfigHelper} from './git-config-helper'
 import * as utils from './utils'
 
 export interface Inputs {
   token: string
+  gitToken: string
   path: string
   addPaths: string[]
   commitMessage: string
@@ -31,48 +32,22 @@ export interface Inputs {
   teamReviewers: string[]
   milestone: number
   draft: boolean
+  signCommit: boolean
 }
 
 export async function createPullRequest(inputs: Inputs): Promise<void> {
-  let gitAuthHelper
+  let gitConfigHelper, git
   try {
-    if (!inputs.token) {
-      throw new Error(`Input 'token' not supplied. Unable to continue.`)
-    }
-    if (inputs.bodyPath) {
-      if (!utils.fileExistsSync(inputs.bodyPath)) {
-        throw new Error(`File '${inputs.bodyPath}' does not exist.`)
-      }
-      // Update the body input with the contents of the file
-      inputs.body = utils.readFile(inputs.bodyPath)
-    }
-    // 65536 characters is the maximum allowed for the pull request body.
-    if (inputs.body.length > 65536) {
-      core.warning(
-        `Pull request body is too long. Truncating to 65536 characters.`
-      )
-      inputs.body = inputs.body.substring(0, 65536)
-    }
-
-    // Get the repository path
-    const repoPath = utils.getRepoPath(inputs.path)
-    // Create a git command manager
-    const git = await GitCommandManager.create(repoPath)
-
-    // Save and unset the extraheader auth config if it exists
     core.startGroup('Prepare git configuration')
-    gitAuthHelper = new GitAuthHelper(git)
+    const repoPath = utils.getRepoPath(inputs.path)
-    await gitAuthHelper.addSafeDirectory()
+    git = await GitCommandManager.create(repoPath)
-    await gitAuthHelper.savePersistedAuth()
+    gitConfigHelper = await GitConfigHelper.create(git)
     core.endGroup()
 
-    // Init the GitHub client
-    const githubHelper = new GitHubHelper(inputs.token)
-
     core.startGroup('Determining the base and head repositories')
-    // Determine the base repository from git config
+    const baseRemote = gitConfigHelper.getGitRemote()
-    const remoteUrl = await git.tryGetRemoteUrl()
+    // Init the GitHub client
-    const baseRemote = utils.getRemoteDetail(remoteUrl)
+    const githubHelper = new GitHubHelper(baseRemote.hostname, inputs.token)
     // Determine the head repository; the target for the pull request branch
     const branchRemoteName = inputs.pushToFork ? 'fork' : 'origin'
     const branchRepository = inputs.pushToFork
@@ -83,12 +58,22 @@ export async function createPullRequest(inputs: Inputs): Promise<void> {
       core.info(
         `Checking if '${branchRepository}' is a fork of '${baseRemote.repository}'`
       )
-      const parentRepository = await githubHelper.getRepositoryParent(
+      const baseParentRepository = await githubHelper.getRepositoryParent(
-        branchRepository
+        baseRemote.repository
       )
-      if (parentRepository != baseRemote.repository) {
+      const branchParentRepository =
+        await githubHelper.getRepositoryParent(branchRepository)
+      if (branchParentRepository == null) {
         throw new Error(
-          `Repository '${branchRepository}' is not a fork of '${baseRemote.repository}'. Unable to continue.`
+          `Repository '${branchRepository}' is not a fork. Unable to continue.`
+        )
+      }
+      if (
+        branchParentRepository != baseRemote.repository &&
+        baseParentRepository != branchParentRepository
+      ) {
+        throw new Error(
+          `Repository '${branchRepository}' is not a fork of '${baseRemote.repository}', nor are they siblings. Unable to continue.`
         )
       }
       // Add a remote for the fork
@@ -107,7 +92,7 @@ export async function createPullRequest(inputs: Inputs): Promise<void> {
     // Configure auth
     if (baseRemote.protocol == 'HTTPS') {
       core.startGroup('Configuring credential for HTTPS authentication')
-      await gitAuthHelper.configureToken(inputs.token)
+      await gitConfigHelper.configureToken(inputs.gitToken)
       core.endGroup()
     }
 
@@ -201,6 +186,8 @@ export async function createPullRequest(inputs: Inputs): Promise<void> {
       inputs.signoff,
       inputs.addPaths
     )
+    // Set the base. It would have been '' if not specified as an input
+    inputs.base = result.base
     core.endGroup()
 
     if (['created', 'updated'].includes(result.action)) {
@@ -208,17 +195,24 @@ export async function createPullRequest(inputs: Inputs): Promise<void> {
       core.startGroup(
         `Pushing pull request branch to '${branchRemoteName}/${inputs.branch}'`
       )
-      await git.push([
+      if (inputs.signCommit) {
-        '--force-with-lease',
+        await githubHelper.pushSignedCommit(
-        branchRemoteName,
+          branchRepository,
-        `${inputs.branch}:refs/heads/${inputs.branch}`
+          inputs.branch,
-      ])
+          inputs.base,
+          inputs.commitMessage,
+          result.branchFileChanges
+        )
+      } else {
+        await git.push([
+          '--force-with-lease',
+          branchRemoteName,
+          `${inputs.branch}:refs/heads/${inputs.branch}`
+        ])
+      }
       core.endGroup()
     }
 
-    // Set the base. It would have been '' if not specified as an input
-    inputs.base = result.base
-
     if (result.hasDiffWithBase) {
       // Create or update the pull request
       core.startGroup('Create or update the pull request')
@@ -239,6 +233,7 @@ export async function createPullRequest(inputs: Inputs): Promise<void> {
         core.setOutput('pull-request-operation', 'updated')
       }
       core.setOutput('pull-request-head-sha', result.headSha)
+      core.setOutput('pull-request-branch', inputs.branch)
       // Deprecated
       core.exportVariable('PULL_REQUEST_NUMBER', pull.number)
       core.endGroup()
@@ -267,11 +262,11 @@ export async function createPullRequest(inputs: Inputs): Promise<void> {
   } catch (error) {
     core.setFailed(utils.getErrorMessage(error))
   } finally {
-    // Remove auth and restore persisted auth config if it existed
     core.startGroup('Restore git configuration')
-    await gitAuthHelper.removeAuth()
+    if (inputs.pushToFork) {
-    await gitAuthHelper.restorePersistedAuth()
+      await git.exec(['remote', 'rm', 'fork'])
-    await gitAuthHelper.removeSafeDirectory()
+    }
+    await gitConfigHelper.close()
     core.endGroup()
   }
 }

src/git-command-manager.ts

@@ -105,7 +105,8 @@ export class GitCommandManager {
   async fetch(
     refSpec: string[],
     remoteName?: string,
-    options?: string[]
+    options?: string[],
+    unshallow = false
   ): Promise<void> {
     const args = ['-c', 'protocol.version=2', 'fetch']
     if (!refSpec.some(x => x === tagsRefSpec)) {
@@ -113,7 +114,9 @@ export class GitCommandManager {
     }
 
     args.push('--progress', '--no-recurse-submodules')
+
     if (
+      unshallow &&
       utils.fileExistsSync(path.join(this.workingDirectory, '.git', 'shallow'))
     ) {
       args.push('--unshallow')
@@ -163,6 +166,15 @@ export class GitCommandManager {
     return output.exitCode === 1
   }
 
+  async getChangedFiles(options?: string[]): Promise<string[]> {
+    const args = ['diff', '--name-only']
+    if (options) {
+      args.push(...options)
+    }
+    const output = await this.exec(args)
+    return output.stdout.split('\n').filter(filename => filename != '')
+  }
+
   async isDirty(untracked: boolean, pathspec?: string[]): Promise<boolean> {
     const pathspecArgs = pathspec ? ['--', ...pathspec] : []
     // Check untracked changes

src/git-config-helper.ts

@@ -5,22 +5,42 @@ import * as path from 'path'
 import {URL} from 'url'
 import * as utils from './utils'
 
-export class GitAuthHelper {
+interface GitRemote {
+  hostname: string
+  protocol: string
+  repository: string
+}
+
+export class GitConfigHelper {
   private git: GitCommandManager
   private gitConfigPath = ''
   private workingDirectory: string
   private safeDirectoryConfigKey = 'safe.directory'
   private safeDirectoryAdded = false
-  private extraheaderConfigKey: string
+  private remoteUrl = ''
+  private extraheaderConfigKey = ''
   private extraheaderConfigPlaceholderValue = 'AUTHORIZATION: basic ***'
   private extraheaderConfigValueRegex = '^AUTHORIZATION:'
   private persistedExtraheaderConfigValue = ''
 
-  constructor(git: GitCommandManager) {
+  private constructor(git: GitCommandManager) {
     this.git = git
     this.workingDirectory = this.git.getWorkingDirectory()
-    const serverUrl = this.getServerUrl()
+  }
-    this.extraheaderConfigKey = `http.${serverUrl.origin}/.extraheader`
+
+  static async create(git: GitCommandManager): Promise<GitConfigHelper> {
+    const gitConfigHelper = new GitConfigHelper(git)
+    await gitConfigHelper.addSafeDirectory()
+    await gitConfigHelper.fetchRemoteDetail()
+    await gitConfigHelper.savePersistedAuth()
+    return gitConfigHelper
+  }
+
+  async close(): Promise<void> {
+    // Remove auth and restore persisted auth config if it existed
+    await this.removeAuth()
+    await this.restorePersistedAuth()
+    await this.removeSafeDirectory()
   }
 
   async addSafeDirectory(): Promise<void> {
@@ -50,7 +70,57 @@ export class GitAuthHelper {
     }
   }
 
+  async fetchRemoteDetail(): Promise<void> {
+    this.remoteUrl = await this.git.tryGetRemoteUrl()
+  }
+
+  getGitRemote(): GitRemote {
+    return GitConfigHelper.parseGitRemote(this.remoteUrl)
+  }
+
+  static parseGitRemote(remoteUrl: string): GitRemote {
+    const httpsUrlPattern = new RegExp(
+      '^(https?)://(?:.+@)?(.+?)/(.+/.+?)(\\.git)?$',
+      'i'
+    )
+    const httpsMatch = remoteUrl.match(httpsUrlPattern)
+    if (httpsMatch) {
+      return {
+        hostname: httpsMatch[2],
+        protocol: 'HTTPS',
+        repository: httpsMatch[3]
+      }
+    }
+
+    const sshUrlPattern = new RegExp('^git@(.+?):(.+/.+)\\.git$', 'i')
+    const sshMatch = remoteUrl.match(sshUrlPattern)
+    if (sshMatch) {
+      return {
+        hostname: sshMatch[1],
+        protocol: 'SSH',
+        repository: sshMatch[2]
+      }
+    }
+
+    // Unauthenticated git protocol for integration tests only
+    const gitUrlPattern = new RegExp('^git://(.+?)/(.+/.+)\\.git$', 'i')
+    const gitMatch = remoteUrl.match(gitUrlPattern)
+    if (gitMatch) {
+      return {
+        hostname: gitMatch[1],
+        protocol: 'GIT',
+        repository: gitMatch[2]
+      }
+    }
+
+    throw new Error(
+      `The format of '${remoteUrl}' is not a valid GitHub repository URL`
+    )
+  }
+
   async savePersistedAuth(): Promise<void> {
+    const serverUrl = new URL(`https://${this.getGitRemote().hostname}`)
+    this.extraheaderConfigKey = `http.${serverUrl.origin}/.extraheader`
     // Save and unset persisted extraheader credential in git config if it exists
     this.persistedExtraheaderConfigValue = await this.getAndUnset()
   }
@@ -144,8 +214,4 @@ export class GitAuthHelper {
     content = content.replace(find, replace)
     await fs.promises.writeFile(this.gitConfigPath, content)
   }
-
-  private getServerUrl(): URL {
-    return new URL(process.env['GITHUB_SERVER_URL'] || 'https://github.com')
-  }
 }

src/github-helper.ts

@@ -1,6 +1,13 @@
 import * as core from '@actions/core'
 import {Inputs} from './create-pull-request'
 import {Octokit, OctokitOptions} from './octokit-client'
+import type {
+  Repository as TempRepository,
+  Ref,
+  Commit,
+  FileChanges
+} from '@octokit/graphql-schema'
+import {BranchFileChanges} from './create-or-update-branch'
 import * as utils from './utils'
 
 const ERROR_PR_REVIEW_TOKEN_SCOPE =
@@ -20,12 +27,16 @@ interface Pull {
 export class GitHubHelper {
   private octokit: InstanceType<typeof Octokit>
 
-  constructor(token: string) {
+  constructor(githubServerHostname: string, token: string) {
     const options: OctokitOptions = {}
     if (token) {
       options.auth = `${token}`
     }
-    options.baseUrl = process.env['GITHUB_API_URL'] || 'https://api.github.com'
+    if (githubServerHostname !== 'github.com') {
+      options.baseUrl = `https://${githubServerHostname}/api/v3`
+    } else {
+      options.baseUrl = 'https://api.github.com'
+    }
     this.octokit = new Octokit(options)
   }
 
@@ -44,7 +55,6 @@ export class GitHubHelper {
   ): Promise<Pull> {
     const [headOwner] = headRepository.split('/')
     const headBranch = `${headOwner}:${inputs.branch}`
-    const headBranchFull = `${headRepository}:${inputs.branch}`
 
     // Try to create the pull request
     try {
@@ -81,7 +91,7 @@ export class GitHubHelper {
     const {data: pulls} = await this.octokit.rest.pulls.list({
       ...this.parseRepository(baseRepository),
       state: 'open',
-      head: headBranchFull,
+      head: headBranch,
       base: inputs.base
     })
     core.info(`Attempting update of pull request`)
@@ -101,14 +111,12 @@ export class GitHubHelper {
     }
   }
 
-  async getRepositoryParent(headRepository: string): Promise<string> {
+  async getRepositoryParent(headRepository: string): Promise<string | null> {
     const {data: headRepo} = await this.octokit.rest.repos.get({
       ...this.parseRepository(headRepository)
     })
     if (!headRepo.parent) {
-      throw new Error(
+      return null
-        `Repository '${headRepository}' is not a fork. Unable to continue.`
-      )
     }
     return headRepo.parent.full_name
   }
@@ -183,4 +191,204 @@ export class GitHubHelper {
 
     return pull
   }
+
+  async pushSignedCommit(
+    branchRepository: string,
+    branch: string,
+    base: string,
+    commitMessage: string,
+    branchFileChanges?: BranchFileChanges
+  ): Promise<void> {
+    core.info(`Use API to push a signed commit`)
+
+    const [repoOwner, repoName] = branchRepository.split('/')
+    core.debug(`repoOwner: '${repoOwner}', repoName: '${repoName}'`)
+    const refQuery = `
+        query GetRefId($repoName: String!, $repoOwner: String!, $branchName: String!) {
+          repository(owner: $repoOwner, name: $repoName){
+            id
+            ref(qualifiedName: $branchName){
+              id
+              name
+              prefix
+              target{
+                id
+                oid
+                commitUrl
+                commitResourcePath
+                abbreviatedOid
+              }
+            }
+          },
+        }
+      `
+
+    let branchRef = await this.octokit.graphql<{repository: TempRepository}>(
+      refQuery,
+      {
+        repoOwner: repoOwner,
+        repoName: repoName,
+        branchName: branch
+      }
+    )
+    core.debug(
+      `Fetched information for branch '${branch}' - '${JSON.stringify(branchRef)}'`
+    )
+
+    const branchExists = branchRef.repository.ref != null
+
+    // if the branch does not exist, then first we need to create the branch from base
+    if (!branchExists) {
+      core.debug(`Branch does not exist - '${branch}'`)
+      branchRef = await this.octokit.graphql<{repository: TempRepository}>(
+        refQuery,
+        {
+          repoOwner: repoOwner,
+          repoName: repoName,
+          branchName: base
+        }
+      )
+      core.debug(
+        `Fetched information for base branch '${base}' - '${JSON.stringify(branchRef)}'`
+      )
+
+      core.info(
+        `Creating new branch '${branch}' from '${base}', with ref '${JSON.stringify(branchRef.repository.ref!.target!.oid)}'`
+      )
+      if (branchRef.repository.ref != null) {
+        core.debug(`Send request for creating new branch`)
+        const newBranchMutation = `
+          mutation CreateNewBranch($branchName: String!, $oid: GitObjectID!, $repoId: ID!) {
+            createRef(input: {
+              name: $branchName,
+              oid: $oid,
+              repositoryId: $repoId
+            }) {
+              ref {
+                id
+                name
+                prefix
+              }
+            }
+          }
+        `
+        const newBranch = await this.octokit.graphql<{createRef: {ref: Ref}}>(
+          newBranchMutation,
+          {
+            repoId: branchRef.repository.id,
+            oid: branchRef.repository.ref.target!.oid,
+            branchName: 'refs/heads/' + branch
+          }
+        )
+        core.debug(
+          `Created new branch '${branch}': '${JSON.stringify(newBranch.createRef.ref)}'`
+        )
+      }
+    }
+    core.info(
+      `Hash ref of branch '${branch}' is '${JSON.stringify(branchRef.repository.ref!.target!.oid)}'`
+    )
+
+    const fileChanges = <FileChanges>{
+      additions: branchFileChanges!.additions,
+      deletions: branchFileChanges!.deletions
+    }
+
+    const pushCommitMutation = `
+      mutation PushCommit(
+        $repoNameWithOwner: String!,
+        $branchName: String!,
+        $headOid: GitObjectID!,
+        $commitMessage: String!,
+        $fileChanges: FileChanges
+      ) {
+        createCommitOnBranch(input: {
+          branch: {
+            repositoryNameWithOwner: $repoNameWithOwner,
+            branchName: $branchName,
+          }
+          fileChanges: $fileChanges
+          message: {
+            headline: $commitMessage
+          }
+          expectedHeadOid: $headOid
+        }){
+          clientMutationId
+          ref{
+            id
+            name
+            prefix
+          }
+          commit{
+            id
+            abbreviatedOid
+            oid
+          }
+        }
+      }
+    `
+    const pushCommitVars = {
+      branchName: branch,
+      repoNameWithOwner: repoOwner + '/' + repoName,
+      headOid: branchRef.repository.ref!.target!.oid,
+      commitMessage: commitMessage,
+      fileChanges: fileChanges
+    }
+
+    const pushCommitVarsWithoutContents = {
+      ...pushCommitVars,
+      fileChanges: {
+        ...pushCommitVars.fileChanges,
+        additions: pushCommitVars.fileChanges.additions?.map(addition => {
+          // eslint-disable-next-line @typescript-eslint/no-unused-vars
+          const {contents, ...rest} = addition
+          return rest
+        })
+      }
+    }
+
+    core.debug(
+      `Push commit with payload: '${JSON.stringify(pushCommitVarsWithoutContents)}'`
+    )
+
+    const commit = await this.octokit.graphql<{
+      createCommitOnBranch: {ref: Ref; commit: Commit}
+    }>(pushCommitMutation, pushCommitVars)
+
+    core.debug(`Pushed commit - '${JSON.stringify(commit)}'`)
+    core.info(
+      `Pushed commit with hash - '${commit.createCommitOnBranch.commit.oid}' on branch - '${commit.createCommitOnBranch.ref.name}'`
+    )
+
+    if (branchExists) {
+      // The branch existed so update the branch ref to point to the new commit
+      // This is the same behavior as force pushing the branch
+      core.info(
+        `Updating branch '${branch}' to commit '${commit.createCommitOnBranch.commit.oid}'`
+      )
+      const updateBranchMutation = `
+        mutation UpdateBranch($branchId: ID!, $commitOid: GitObjectID!) {
+          updateRef(input: {
+            refId: $branchId,
+            oid: $commitOid,
+            force: true
+          }) {
+            ref {
+              id
+              name
+              prefix
+            }
+          }
+        }
+      `
+      const updatedBranch = await this.octokit.graphql<{updateRef: {ref: Ref}}>(
+        updateBranchMutation,
+        {
+          branchId: branchRef.repository.ref!.id,
+          commitOid: commit.createCommitOnBranch.commit.oid
+        }
+      )
+      core.debug(`Updated branch - '${JSON.stringify(updatedBranch)}'`)
+    }
+  }
 }

src/main.ts

@@ -7,6 +7,7 @@ async function run(): Promise<void> {
   try {
     const inputs: Inputs = {
       token: core.getInput('token'),
+      gitToken: core.getInput('git-token'),
       path: core.getInput('path'),
       addPaths: utils.getInputAsArray('add-paths'),
       commitMessage: core.getInput('commit-message'),
@@ -26,10 +27,32 @@ async function run(): Promise<void> {
       reviewers: utils.getInputAsArray('reviewers'),
       teamReviewers: utils.getInputAsArray('team-reviewers'),
       milestone: Number(core.getInput('milestone')),
-      draft: core.getBooleanInput('draft')
+      draft: core.getBooleanInput('draft'),
+      signCommit: core.getBooleanInput('sign-commit')
     }
     core.debug(`Inputs: ${inspect(inputs)}`)
 
+    if (!inputs.token) {
+      throw new Error(`Input 'token' not supplied. Unable to continue.`)
+    }
+    if (!inputs.gitToken) {
+      inputs.gitToken = inputs.token
+    }
+    if (inputs.bodyPath) {
+      if (!utils.fileExistsSync(inputs.bodyPath)) {
+        throw new Error(`File '${inputs.bodyPath}' does not exist.`)
+      }
+      // Update the body input with the contents of the file
+      inputs.body = utils.readFile(inputs.bodyPath)
+    }
+    // 65536 characters is the maximum allowed for the pull request body.
+    if (inputs.body.length > 65536) {
+      core.warning(
+        `Pull request body is too long. Truncating to 65536 characters.`
+      )
+      inputs.body = inputs.body.substring(0, 65536)
+    }
+
     await createPullRequest(inputs)
   } catch (error) {
     core.setFailed(utils.getErrorMessage(error))

src/octokit-client.ts

@@ -1,8 +1,8 @@
 import {Octokit as Core} from '@octokit/core'
 import {paginateRest} from '@octokit/plugin-paginate-rest'
 import {restEndpointMethods} from '@octokit/plugin-rest-endpoint-methods'
-import {HttpsProxyAgent} from 'https-proxy-agent'
 import {getProxyForUrl} from 'proxy-from-env'
+import {ProxyAgent, fetch as undiciFetch} from 'undici'
 export {RestEndpointMethodTypes} from '@octokit/plugin-rest-endpoint-methods'
 export {OctokitOptions} from '@octokit/core/dist-types/types'
 
@@ -12,12 +12,23 @@ export const Octokit = Core.plugin(
   autoProxyAgent
 )
 
+const proxyFetch =
+  (proxyUrl: string): typeof undiciFetch =>
+  (url, opts) => {
+    return undiciFetch(url, {
+      ...opts,
+      dispatcher: new ProxyAgent({
+        uri: proxyUrl
+      })
+    })
+  }
+
 // Octokit plugin to support the standard environment variables http_proxy, https_proxy and no_proxy
 function autoProxyAgent(octokit: Core) {
   octokit.hook.before('request', options => {
     const proxy = getProxyForUrl(options.baseUrl)
     if (proxy) {
-      options.request.agent = new HttpsProxyAgent(proxy)
+      options.request.fetch = proxyFetch(proxy)
     }
   })
 }

src/utils.ts

@@ -41,53 +41,6 @@ export function getRepoPath(relativePath?: string): string {
   return repoPath
 }
 
-interface RemoteDetail {
-  hostname: string
-  protocol: string
-  repository: string
-}
-
-export function getRemoteDetail(remoteUrl: string): RemoteDetail {
-  // Parse the protocol and github repository from a URL
-  // e.g. HTTPS, peter-evans/create-pull-request
-  const githubUrl = process.env['GITHUB_SERVER_URL'] || 'https://github.com'
-
-  const githubServerMatch = githubUrl.match(/^https?:\/\/(.+)$/i)
-  if (!githubServerMatch) {
-    throw new Error('Could not parse GitHub Server name')
-  }
-
-  const hostname = githubServerMatch[1]
-
-  const httpsUrlPattern = new RegExp(
-    '^https?://.*@?' + hostname + '/(.+/.+?)(\\.git)?$',
-    'i'
-  )
-  const sshUrlPattern = new RegExp('^git@' + hostname + ':(.+/.+)\\.git$', 'i')
-
-  const httpsMatch = remoteUrl.match(httpsUrlPattern)
-  if (httpsMatch) {
-    return {
-      hostname,
-      protocol: 'HTTPS',
-      repository: httpsMatch[1]
-    }
-  }
-
-  const sshMatch = remoteUrl.match(sshUrlPattern)
-  if (sshMatch) {
-    return {
-      hostname,
-      protocol: 'SSH',
-      repository: sshMatch[1]
-    }
-  }
-
-  throw new Error(
-    `The format of '${remoteUrl}' is not a valid GitHub repository URL`
-  )
-}
-
 export function getRemoteUrl(
   protocol: string,
   hostname: string,
@@ -173,6 +126,10 @@ export function readFile(path: string): string {
   return fs.readFileSync(path, 'utf-8')
 }
 
+export function readFileBase64(pathParts: string[]): string {
+  return fs.readFileSync(path.resolve(...pathParts)).toString('base64')
+}
+
 /* eslint-disable  @typescript-eslint/no-explicit-any */
 function hasErrorCode(error: any): error is {code: string} {
   return typeof (error && error.code) === 'string'